
Archive for February 11th, 2013

2013 has seen some significant changes in the way that attackers use the Blackhole exploit kit in spam attacks. To understand what these changes are, however, let us first go into what Blackhole did in late 2012.

Last year, the majority of URLs found in Blackhole-related spam messages had the following format, with a short alphanumeric code (typically eight characters) as the directory name:

http://{compromised or abused site}/{alphanumeric code}/index.html

For example, a spam run in November contained a link to the website at:

http://{domain #1}/Pz1Fa7u/index.html

The page at that link redirected users to two further URLs:

http://{domain #2}/9WFM1cgc/js.js

http://{domain #3}/0s3FmfEC/js.js

Both of these URLs were hosted on compromised sites. The web hosting account for domain #2 was later suspended, but the redundancy of using two redirection pages allowed the attack to continue. The URL at domain #3 led to the malicious landing page, which was located at:

http://{malicious site}/links/created_danger.php

It’s not unusual for multiple redirection pages to lead to a single malicious URL. Frequently, even different spam runs will lead to the same malicious landing page.
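The following is an added example, not code from the original post or from Trend Micro: it classifies URLs by the three path patterns described above (spam link, js.js redirector, landing page) and walks a constructed redirect graph modelled on the November run to show why the second redirector kept the chain alive after domain #2 was suspended. The hostnames are placeholders, the code-length and the generic /links/*.php landing form are assumptions drawn from the sample URLs on the page, and the redirect graph is constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Path patterns for the three stages of the late-2012 Blackhole spam chain.
# The 7-8 character width is an assumption based on the sample codes above.
STAGE_PATTERNS = {
    "spam_link": re.compile(r"^/[A-Za-z0-9]{7,8}/index\.html$"),
    "redirector": re.compile(r"^/[A-Za-z0-9]{7,8}/js\.js$"),
    # Only one landing path (/links/created_danger.php) appears on the page;
    # the generic /links/<name>.php form is an assumption for illustration.
    "landing": re.compile(r"^/links/[A-Za-z0-9_]+\.php$"),
}


def classify(url):
    """Return the chain stage a URL's path matches, or 'unknown'."""
    path = urlparse(url).path
    for stage, pattern in STAGE_PATTERNS.items():
        if pattern.match(path):
            return stage
    return "unknown"


# Constructed redirect graph mirroring the November spam run: one spam link,
# two redirectors on compromised hosts, one shared landing page. The hostnames
# are placeholders, not the real domains.
CHAIN = {
    "http://domain1.example/Pz1Fa7u/index.html": [
        "http://domain2.example/9WFM1cgc/js.js",
        "http://domain3.example/0s3FmfEC/js.js",
    ],
    "http://domain2.example/9WFM1cgc/js.js": [
        "http://malicious.example/links/created_danger.php",
    ],
    "http://domain3.example/0s3FmfEC/js.js": [
        "http://malicious.example/links/created_danger.php",
    ],
}


def reachable_landings(start, graph, down=frozenset()):
    """Walk the redirect graph from `start`, skipping any URL whose host is in
    `down` (a suspended hosting account), and return the landing pages that
    are still reachable. Visited URLs are tracked so redirect loops terminate."""
    seen, found = set(), set()
    stack = [start]
    while stack:
        url = stack.pop()
        if url in seen or urlparse(url).hostname in down:
            continue
        seen.add(url)
        if classify(url) == "landing":
            found.add(url)
        stack.extend(graph.get(url, []))
    return found


def blocking_hosts(start, graph):
    """Return the hosts whose takedown alone cuts every path from `start` to a
    landing page. Redirectors with a redundant sibling never appear here."""
    hosts = {urlparse(u).hostname for u in graph} | {
        urlparse(v).hostname for targets in graph.values() for v in targets
    }
    return {h for h in hosts if not reachable_landings(start, graph, {h})}


if __name__ == "__main__":
    start = "http://domain1.example/Pz1Fa7u/index.html"
    for url in CHAIN:
        print(classify(url), url)
    print("domain2 suspended, still reachable:",
          reachable_landings(start, CHAIN, {"domain2.example"}))
    print("single-host chokepoints:", blocking_hosts(start, CHAIN))
```

Suspending domain #2 leaves the landing page reachable through domain #3, which is exactly the redundancy the post describes; the only single points of failure are the host carrying the spam link itself and the host serving the landing page, which is why blocking the shared landing URL is more effective than chasing individual compromised redirectors.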

Today’s technology makes it possible for users to remotely control their home devices over the Internet. However, as this technology gains a foothold, cybercrime is not far behind.

In our 2013 Security Predictions, our Chief Technology Officer (CTO) Raimund Genes predicted that with digital technology becoming more integrated in our lives, we may be seeing threats in unlikely places. In particular, as more home devices and appliances are designed to access the Internet, they can become new venues for unexpected threats.

In my recent post, I mentioned that the bulk of research initiated on Internet-enabled devices has been on identifying vulnerabilities. Though done to provide better security for end users, the flip side is that we’re seeing novel ways to steal information and money. This is an alarming prospect, as the majority of these home gadgets have a basic IP configuration with limited security options. What’s more, most end users are unaware of how vulnerable these devices are.